| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-26856 | 522 | | | 2022-04-21 | 2022-05-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. |
| 2 | CVE-2022-26855 | 276 | | DoS | 2022-04-08 | 2022-04-14 | 2.1 | None | Local | Low | Not required | None | None | Partial | Dell PowerScale OneFS, versions 8.2.x-9.3.0.x, contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability, leading to a denial of service. |
| 3 | CVE-2022-23163 | 668 | | DoS | 2022-04-12 | 2022-04-20 | 2.1 | None | Local | Low | Not required | None | None | Partial | Dell PowerScale OneFS, 8.2.x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. |
| 4 | CVE-2022-23158 | 200 | | +Info | 2022-04-01 | 2022-04-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. A local authenticated user with standard privilege could potentially exploit this vulnerability and provide incorrect port information and get connected to valid WMS server. |
| 5 | CVE-2022-23157 | 200 | | +Info | 2022-04-01 | 2022-04-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | Wyse Device Agent version 14.6.1.4 and below contain a sensitive data exposure vulnerability. An authenticated malicious user could potentially exploit this vulnerability in order to view sensitive information from the WMS Server. |
| 6 | CVE-2022-22563 | | | | 2022-04-08 | 2022-04-14 | 2.1 | None | Local | Low | Not required | None | Partial | None | Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. |
| 7 | CVE-2022-22554 | 522 | | | 2022-01-24 | 2022-01-28 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC System Update, version 1.9.2 and prior, contain an Unprotected Storage of Credentials vulnerability. A local attacker with user privileges could potentially exploit this vulnerability leading to the disclosure of user passwords. |
| 8 | CVE-2021-36341 | 200 | | +Info | 2021-12-21 | 2021-12-27 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access sensitive information. |
| 9 | CVE-2021-36340 | 532 | | | 2021-11-20 | 2021-11-23 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. |
| 10 | CVE-2021-36333 | 120 | | Overflow | 2021-11-23 | 2021-11-27 | 2.1 | None | Local | Low | Not required | None | None | Partial | Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker, may potentially exploit this vulnerability, leading to an application crash. |
| 11 | CVE-2021-36319 | 668 | | +Priv | 2021-11-20 | 2021-11-23 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. |
| 12 | CVE-2021-36317 | 256 | | | 2021-12-21 | 2022-01-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. |
| 13 | CVE-2021-36282 | 908 | | +Priv | 2021-08-16 | 2022-05-03 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerScale OneFS versions 8.2.x - 9.1.0.x contain a use of uninitialized resource vulnerability. This can potentially allow an authenticated user with ISI_PRIV_LOGIN_CONSOLE or ISI_PRIV_LOGIN_SSH privileges to gain access up to 24 bytes of data within the /ifs kernel stack under certain conditions. |
| 14 | CVE-2021-36280 | 732 | | | 2021-08-16 | 2021-08-25 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This could allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. |
| 15 | CVE-2021-36278 | 532 | | | 2021-08-16 | 2022-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerScale OneFS versions 8.2.x, 9.1.0.x, and 9.1.1.1 contain a sensitive information exposure vulnerability in log files. A local malicious user with ISI_PRIV_LOGIN_SSH, ISI_PRIV_LOGIN_CONSOLE, or ISI_PRIV_SYS_SUPPORT privileges may exploit this vulnerability to access sensitive information. If any third-party consumes those logs, the same sensitive information is available to those systems as well. |
| 16 | CVE-2021-21601 | 532 | | | 2021-08-10 | 2021-08-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Data Protection Search, 19.4 and prior, and IDPA, 2.6.1 and prior, contain an Information Exposure in Log File Vulnerability in CIS. A local low privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with the privileges of the compromised account. |
| 17 | CVE-2021-21587 | 200 | | +Info | 2021-07-15 | 2021-07-31 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders. |
| 18 | CVE-2021-21562 | 426 | | | 2021-08-03 | 2021-08-11 | 2.1 | None | Local | Low | Not required | None | Partial | None | Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application’s direct control. |
| 19 | CVE-2021-21561 | 532 | | +Priv | 2021-11-23 | 2021-11-27 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. |
| 20 | CVE-2021-21559 | 295 | | | 2021-06-08 | 2021-06-16 | 2.9 | None | Local Network | Medium | Not required | None | Partial | None | Dell EMC NetWorker, versions 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4, and 19.4.0.1 contain an Improper Certificate Validation vulnerability in the client (NetWorker Management Console) components which uses SSL encrypted connection in order to communicate with the application server. An unauthenticated attacker in the same network collision domain as the NetWorker Management Console client could potentially exploit this vulnerability to perform man-in-the-middle attacks to intercept and tamper the traffic between the client and the application server. |
| 21 | CVE-2021-21558 | 532 | | | 2021-06-08 | 2021-06-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC NetWorker, 18.x, 19.1.x, 19.2.x, 19.3.x, 19.4 and 19.4.0.1, contains an Information Disclosure vulnerability. A local administrator of the gstd system may potentially exploit this vulnerability to read LDAP credentials from local logs and use the stolen credentials to make changes to the network domain. |
| 22 | CVE-2021-21547 | 312 | | +Priv | 2021-04-30 | 2021-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
| 23 | CVE-2021-21546 | 532 | | | 2021-07-29 | 2021-08-05 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC NetWorker versions 18.x,19.x prior to 19.3.0.4 and 19.4.0.0 contain an Information Disclosure in Log Files vulnerability. A local low-privileged user of the Networker server could potentially exploit this vulnerability to read plain-text credentials from server log files. |
| 24 | CVE-2020-29503 | 276 | | | 2021-07-19 | 2021-08-02 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory. |
| 25 | CVE-2020-26199 | 532 | | +Priv | 2021-01-05 | 2021-01-08 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text password storage vulnerability. A user credentials (including the Unisphere admin privilege user) password is stored in a plain text in multiple log files. A local authenticated attacker with access to the log files may use the exposed password to gain access with the privileges of the compromised user. |
| 26 | CVE-2020-26196 | 732 | | | 2021-02-09 | 2021-02-12 | 2.1 | None | Local | Low | Not required | None | Partial | None | Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation issue. A user with the BackupAdmin role may potentially exploit this vulnerability resulting in the ability to write data outside of the intended file system location. |
| 27 | CVE-2020-5315 | 522 | | | 2021-07-19 | 2021-08-02 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text password storage vulnerability. Proxy server user password is stored in a plain text in a local database. A local authenticated malicious user with access to the local file system may use the exposed password to access the with privileges of the compromised user. |
| 28 | CVE-2019-19620 | 281 | | Bypass | 2019-12-06 | 2019-12-17 | 2.1 | None | Local | Low | Not required | None | Partial | None | In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the SYSTEM user was denied access to the source file. |
| 29 | CVE-2019-18576 | 532 | | +Priv | 2020-03-13 | 2020-03-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC XtremIO XMS versions prior to 6.3.0 contain an information disclosure vulnerability where OS users’ passwords are logged in local files. Malicious local users with access to the log files may use the exposed passwords to gain access to XtremIO with the privileges of the compromised user. |
| 30 | CVE-2019-3763 | 532 | | +Info | 2019-09-11 | 2020-10-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain an information exposure vulnerability. The Office 365 user password may get logged in a plain text format in the Office 365 connector debug log file. An authenticated malicious local user with access to the debug logs may obtain the exposed password to use in further attacks. |
| 31 | CVE-2019-3741 | 693 | | +Priv | 2019-07-18 | 2020-02-10 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Unity and UnityVSA versions prior to 5.0.0.0.5.116 contain a plain-text password storage vulnerability. A Unisphere user’s (including the admin privilege user) password is stored in a plain text in Unity Data Collection bundle (logs files for troubleshooting). A local authenticated attacker with access to the Data Collection bundle may use the exposed password to gain access with the privileges of the compromised user. |
| 32 | CVE-2019-3729 | 787 | | Overflow | 2019-09-30 | 2022-04-12 | 2.7 | None | Local Network | Low | ??? | None | None | Partial | RSA BSAFE Micro Edition Suite versions prior to 4.4 (in 4.0.x, 4.1.x, 4.2.x and 4.3.x) are vulnerable to a Heap-based Buffer Overflow vulnerability when parsing ECDSA signature. A malicious user with adjacent network access could potentially exploit this vulnerability to cause a crash in the library of the affected system. |
| 33 | CVE-2018-15765 | 200 | | Exec Code +Info | 2018-10-18 | 2019-10-09 | 2.1 | None | Local | Low | Not required | Partial | None | None | Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks. |
| 34 | CVE-2018-11068 | 459 | | | 2018-09-11 | 2021-12-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | RSA BSAFE SSL-J versions prior to 6.2.4 contain a Heap Inspection vulnerability that could allow an attacker with physical access to the system to recover sensitive key material. |
| 35 | CVE-2018-11055 | 404 | | | 2018-08-31 | 2022-04-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6.1 (in 4.1.x), contains an Improper Clearing of Heap Memory Before Release ('Heap Inspection') vulnerability. Decoded PKCS #12 data in heap memory is not zeroized by MES before releasing the memory internally and a malicious local user could gain access to the unauthorized data by doing heap inspection. |
| 36 | CVE-2016-0887 | 200 | | +Info | 2016-04-12 | 2021-12-09 | 2.6 | None | Remote | High | Not required | Partial | None | None | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.0.x and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2.1, RSA BSAFE SSL-J before 6.2.1, and RSA BSAFE SSL-C before 2.8.9 allow remote attackers to discover a private-key prime by conducting a Lenstra side-channel attack that leverages an application's failure to detect an RSA signature failure during a TLS session. |
| 37 | CVE-2015-4056 | 310 | | | 2017-02-21 | 2021-09-09 | 2.1 | None | Local | Low | Not required | Partial | None | None | The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access. |